CVE-2024-21527

Summary

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as <iframe src="\localhost/etc/passwd">. By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system. Workaround An alternative is using either or both –chromium-deny-list and –chromium-allow-list flags.

Affected Software

VendorProductVersion RangeStatus
n/agithub.com/gotenberg/gotenberg/v8/pkg/gotenberg0 < 8.1.0affected
n/agithub.com/gotenberg/gotenberg/v8/pkg/modules/chromium0 < 8.1.0affected
n/agithub.com/gotenberg/gotenberg/v8/pkg/modules/webhook0 < 8.1.0affected

Weaknesses

  • CWE-918: Server-side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References